Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Created on 09-18-2008 09:59 AM
The most expensive and scarce resource for man is time, paradoxically, it' s infinite.
The most expensive and scarce resource for man is time, paradoxically, it' s infinite.
I wonder how this should work ... https is encrypted traffic ... how is it possible that it could be scanned?These devices start a " man-in-the-middle" attack -> they give away their own certificate (!!!!) and start their own ssl session to the server: Client <-https-> security device <-https-> ssl-website The problem with that is, that you totaly lose the control of the other points certificate!!! This is a problem by design, which will spend us some grey hair in future ;)! Especially when Fortigate offers this feature as well....
ORIGINAL: MasterBratac That means ... each https website is shown up in the webbrowser with a fortinet certificate? And everytime a user accesses a https website he has to klick away all those certificate error messages? That´s not good ...Yes -> It' ll be that way in FortiOS 4. You will be able to install a corporate cert which is then trusted! As I heard, there will also be a whitelist of https servers (via webfilter service???), which will not get scanned and so the authenticity of the servers will remain as usual, but no AV&IPS then....! cheers.roman
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1714 | |
1093 | |
752 | |
447 | |
232 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.